A report written for Demand Progress by foremost NSA wonk Marcy Wheeler compiles a 12-year run of NSA overcollection and underreporting. These findings are summarized (lol) in a couple-thousand-word piece Wheeler wrote for Motherboard. Either route you take, you'll see the NSA has been given a long leash by its overseers. The end result of this mostly hands-off approach speaks for itself. From the Demand Progress white paper [PDF]:

For almost 12 years, both under Section 702 and other programs before it, NSA was always engaging in or retaining some kind of electronic surveillance the FISC would go on to deem unauthorized, and NSA would only fix the problem when threatened with criminal sanctions.

The FISA Court may often appear to be a rubber stamp, but it's often constrained by a lack of information. The NSA goes to court facing no adversaries, so the assertions it makes about lawful collection and careful use of surveillance powers are rarely challenged. When they are, it's only because the problem has become too big for the NSA to ignore and, generally, too big to hide from the court.

When the FISA Court finally has enough info to take on improper surveillance, years of unconstitutional collection have already occurred. Section 702 powers have never not been abused by the NSA, as the court belatedly noticed in 2011.

After reviewing the government's plan for MCTs [multiple communication transactions], Judge John Bates explained that “[u]nder the totality of the circumstances, then, the Court is unable to find that the government’s proposed application of NSA’s targeting and minimization procedures to MCTs is consistent with the requirements of the Fourth Amendment.”

That came three years after these powers had been granted with the 2008 FISA Amendments Act. Judge Bates' decision did almost nothing to push the NSA towards more constitutional collection efforts.

The government failed to keep those promises, and for over five more years, the government conducted queries on upstream collection in violation of procedures Judge Bates approved in response to the 2011 disclosures. After the new violations were revealed in late 2016, FISC Judge Rosemary Collyer called those queries “a very serious Fourth Amendment issue,” and she later scolded the government for “the extent of non-compliance with ‘important safeguards for interests protected by the Fourth Amendment.

The FISA Court's rulings made it clear the NSA had been overcollecting in one form or another since 2004. Despite this, the NSA took its time purging the unlawful collections from its databases. In addition to these violations, the FISA Court has found five years of repeated violations in the NSA's bulk internet metadata program, along with unconstitutional phone record collection efforts that swept up domestic records it was never supposed to have, thanks to flaws in the NSA's de-tasking procedures. That overcollection apparently spanned five years, from 2008-2013.

The recently retired "about" collection was another problematic collection, almost guaranteed to net purely domestic communications with its keyword searches and lack of targeting. The shutdown was likely spurred by the FISA Court's refusal to approve the NSA's 2015 Section 702 requests. It may also have been a mercy killing meant to prevent oversight members like Ron Wyden from ever obtaining an answer on domestic communications swept up by the program.

But that shutdown doesn't prevent "upstream" collection of communications travelling along internet backbones in foreign countries, far beyond the reach of Section 702's limitations. Upstream collections will continue to snag domestic communications and the NSA seemingly has no way (or little interest) in preventing analysts from accessing these.

The report is a harrowing read that makes it explicitly clear the NSA's oversight is mostly nonexistent. It relies heavily on self-reporting by the NSA, which tends to guarantee surveillance violations will only be brought to the court's attention after years of misuse by the agency. The same goes for its Congressional oversight, which has zero power to compel more timely -- and complete -- reporting.

Beyond its surveillance issues, the NSA is also involved in other Constitutional violations.

When Congress passed the FISA Amendments Act in 2008, it required the government to follow the same notice provisions as used under traditional FISA. If prosecutors want to use “any information obtained or derived from” Section 702 in a trial, they must tell the defendant. Yet when the government pointed to attacks prevented using Section 702 in the wake of the Edward Snowden leaks, defendants in those cases had not received the required notice. For example, the defendant in the most celebrated case involving an attack thwarted using Section 702, Najibullah Zazi, did not receive notice until July 2015, over five years after he pled guilty.

The government only started giving such notices after it emerged that Solicitor General Don Verrilli falsely informed the Supreme Court that such defendants get notice, when in fact DOJ had a policy that ensured no defendant received notice of Section 702 surveillance for nearly five years.

Going hand-in-hand with these violations are the FBI's access to privileged communications -- harvested by the NSA -- despite having policies in place meant to prevent this very behavior.

Another persistent violation involves FBI’s failure to abide by its own minimization procedures requiring that the communications for targets who have been federally indicted be reviewed and, if pertaining to the charged matter, sequestered. This means that agents may have access to attorney-client communications collected using Section 702 at the same time the government is criminally prosecuting the target of the surveillance.

To think things are better now is to ignore how the NSA has acted over the past decade-plus. The National Intelligence Director is playing nice with (limited) transparency, but underlying flaws in the NSA's collection and minimization procedures are likely still causing multiple violations. Thanks to the secretive nature of its work and its rather lax oversight, violations happening today likely won't be revealed for years to come. And this report only covers what's known about the NSA's Section 702 collections. There are other authorities we know almost nothing about, like Executive Order 12333, which may allow the NSA to continue its Fourth Amendment violations but without having to fear after-the-fact reprisal from the FISA court.